Analysis
max time kernel: 120s
max time network: 17s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 09-11-2024 23:14
Behavioral task: behavioral1
Sample: 9ec862870dccb8b142518eb09403075ef14afcd508c4047243e993d0a7ff7ed5N.exe
Resource: win7-20240903-en
General
Target: 9ec862870dccb8b142518eb09403075ef14afcd508c4047243e993d0a7ff7ed5N.exe
Size: 331KB
MD5: 8a4226f8ae7784d97a38329d44113770
SHA1: 7c8f1c48746e120a464d43e62df42e699caf36e7
SHA256: 9ec862870dccb8b142518eb09403075ef14afcd508c4047243e993d0a7ff7ed5
SHA512: 7d7a40498e9b4ac357030cebfc2144b50d9a325569526b81ac7b111af3e46a0f223696938a0766e5ccaabd9c777c44789bb963785d12eca37476fe819803324e
SSDEEP: 6144:vcm4FmowdHoStJdJIjaRleL42bL37BoTPkhu9gX5yGsTshQc8R0nxA5ij8+RC7tu:94wFHoStJdSjylh2b77BoTMA9gX59sT2
Malware Config
Signatures
Blackmoon family
Detect Blackmoon payload 37 IoCs
Executes dropped EXE 64 IoCs
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Suspicious use of WriteProcessMemory 64 IoCs
Processes